Application Serial No.: 10/501,302 

Amendment in Response to Office Action dated July 9, 2007 
Amendment Date: March 7, 2008 

AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions and l istings of claims in the application: 

1 . (Currently Amended) A computer system for providing security awareness in an 
organization, comprising: 

a memory means, constituted by a hard disk or Random Access Memory device, 

a central processor unit connected to said memory means, 

an input device, constituted by a mouse or keyboard device, connected to said 
central processor unit, for the input of a piece of security information into said computer 
system, 

an output device, constituted by a printer or display device, connected to said 
central processor unit for the output of security information, 

a policy module communicating with said input device and said memory means 
for the conversion of said piece of security information into an information security 
object (ISO), said information security obj e ct stored in said memory means, and 

a survey module communicating with said memory means and said output means 
for generating from said information security obje ct ISO an element of a questionnary 
questionnaire to be output by means of said output device; 

wherein said ISO contains content categorized as object category, object 
descriptor, object content, content category, and target group . 

2. (Currently Amended) The computer system according to claim 1, further 
comprising an educational module communicating with said memory means for receiving 
through said input device a set of answers to said qu e stiomw y questionnaire and for comparing 
said set of answers of said questionnary questionnaire with said information security objects ISO 
for determining the correct and the incorrect answers, and generating, based on said incorrect 
answers, an educational program to be output by means of said output device. 

3. (Original) The computer system according to claim 2, said set of answers being 
stored in said memory means. 
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4. (Currently Amended) The computer system according to any of the claims 1-3, 
said memory means being organized as a database. 

5. (Currently Amended) The computer system according to any of the claims 1-3, 
said computer system constituting a stand alone computer or alternatively a computer system 
including a network and a plurality of PC^ personal computers each including an input device 
and an output device to be operated by a respective user. 

6. (Currently Amended) The computer system according to any of the claims 1-3, 
wherein said central processor unit controls in said conversion of said piece of said security 
information into said information security object ISO , and said policy module to check checks in 
said memory means t he possible presence of for a corresponding security information object 
ISO. 

7. (Currently Amended) A method of providing security awareness in an 
organization, comprising: 

receiving a piece of security information, 

modularising said piece of security information to create an information security 
object (ISO). 

storing said piec e of security information in a m e mory means as an information 
s e curity obj e ct ISO in a memory means, said information security obj e ct ISO being 
generated in a policy module, 

generating in a survey module an element of a questionnary questionnaire from 
said information s e curity object ISO , and 

outputting said questionnary questionnaire including said element; 

wherein said ISO contains content categorized as object category, object 
descriptor, object content, content category, and target group . 

8. (Currently Amended) The method according to claim 7, further comprising [[of]] 
the computer system according to any of the claims 1-3. 



3 



Application Serial No.: 10/501,302 

Amendment in Response to Office Action dated July 9, 2007 
Amendment Date: March 7, 2008 

9. (Currently Amended) A computer system for providing security awareness in an 

organization, comprising: 

a memory means coupled to a central processor unit; 

an input device coupled to said central processor unit for receiving security 
information into said computer system; 

an output device coupled to said central processor unit for outputting security 
information; and 

an information security object (ISO) stored in said memory means, said 
information security object ISO including modular content derived from said security 
information and having a unique identifier and security level value, said unique identifier 
used to link said information security object ISO to an organization and said security 
level value used to create a security policy including the information security obj eet ISO 
which matches a default security level value of the organisation 

wherein said modular content includes an object category, an object descriptor, an 
object content, a content category, and a target group . 

10. (Currently Amended) The computer system of Claim 9, further comprising a 
survey module communicating with said memory means and said output means for generating 
from said information security object ISO an clement of a qu e stionnary questionnaire to be 
output by means of said output device. 

11. (Currently Amended) A method of providing security awareness in an 
organization, comprising: 

receiving security information; 

modularising the security information to create an information security object 

(ISO) : 

assigning a security level value to said information security obj e ct ISO ; and 
compiling said information security object into a security policy including other 

information security object ISOs having the same security level value; 

wherein said ISO contains content categorized as object category, object 

descriptor, object content, content category, and target group . 
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